asyncrat | 09f0f7270df05c3dae84defc043db7b411a5f8610ea93a2c85dd98c7a927c47a | Triage

Submit
Reports

Overview

overview

Static

static

09f0f7270d...7a.exe

windows7-x64

09f0f7270d...7a.exe

windows10-2004-x64

Sharing

General

Target

09f0f7270df05c3dae84defc043db7b411a5f8610ea93a2c85dd98c7a927c47a.exe
Size

45KB
Sample

240514-qy82hshd8t
MD5

2aaea866166221511fbd56b52f0cef64
SHA1

58fb45e8808e6b523ba942088a45a49e780e6f2f
SHA256

09f0f7270df05c3dae84defc043db7b411a5f8610ea93a2c85dd98c7a927c47a
SHA512

de4029ade64782692fd4fae84f60d74587b73220f180d4b2b362c0670d980f2a04ecd1ecca0afafb8fad43f3fb11eafdade3002bba1686137a55a74fe50fc379
SSDEEP

768:NuLN+TwQhclWUlNzWmo2qDMKjPGaG6PIyzjbFgX3iN8F0S6d+Aj6gBDZOx:NuLN+Twip2lKTkDy3bCXSNS2Rj62dOx

Score

10^/10

asyncrat zgrat default execution rat spyware stealer

Static task

static1

rat default asyncrat

3 signatures

Behavioral task

behavioral1

Sample

09f0f7270df05c3dae84defc043db7b411a5f8610ea93a2c85dd98c7a927c47a.exe

Resource

win7-20240221-en

asyncrat zgrat default execution rat spyware stealer

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

09f0f7270df05c3dae84defc043db7b411a5f8610ea93a2c85dd98c7a927c47a.exe

Resource

win10v2004-20240508-en

asyncrat zgrat default execution rat spyware stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

94.228.162.82:6606

94.228.162.82:7707

94.228.162.82:8808

Mutex

nZrC1RL7rHnC

Attributes

delay
3
install
true
install_file
appBroker.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  09f0f7270df05c3dae84defc043db7b411a5f8610ea93a2c85dd98c7a927c47a.exe
- Size
  
  45KB
- MD5
  
  2aaea866166221511fbd56b52f0cef64
- SHA1
  
  58fb45e8808e6b523ba942088a45a49e780e6f2f
- SHA256
  
  09f0f7270df05c3dae84defc043db7b411a5f8610ea93a2c85dd98c7a927c47a
- SHA512
  
  de4029ade64782692fd4fae84f60d74587b73220f180d4b2b362c0670d980f2a04ecd1ecca0afafb8fad43f3fb11eafdade3002bba1686137a55a74fe50fc379
- SSDEEP
  
  768:NuLN+TwQhclWUlNzWmo2qDMKjPGaG6PIyzjbFgX3iN8F0S6d+Aj6gBDZOx:NuLN+Twip2lKTkDy3bCXSNS2Rj62dOx
Score

10^/10

asyncrat zgrat default execution rat spyware stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Command and Scripting Interpreter: PowerShell
  Start PowerShell.
  execution
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratzgratdefaultexecutionratspywarestealer

behavioral2

asyncratzgratdefaultexecutionratspywarestealer

© 2018-2024

Terms | Privacy